Umair Nehri

DevOps Manager

Dubai, United Arab Emirates · 4 yrs 5 mos experience

Key Highlights

  • Led security assessments for high-risk sectors.
  • Developed multiple open-source security tools.
  • Recognized by major organizations for web security expertise.
Stackforce AI infers this person is a Cybersecurity professional specializing in web application security and vulnerability research.

Skills

Core Skills

Web Application Security · Security Research

Other Skills

Amazon S3 · Amazon Web Services (AWS) · Application Security · Attack Surface Management · Automation · Automation Tools · Bash · C++ · Cloud Security · Cyber Threat Intelligence (CTI) · Cybersecurity · Ethical Hacking · Front-end Development · Go (Programming Language) · Golang

About

A security researcher with a strong interest in Web Application Security, OSINT and developing security tools. I pursued my Bachelor of Computer Applications (BCA) from Maulana Azad College of Arts Science and Commerce Aurangabad (2020-23) and hold strong academic and extracurricular records. I was also selected as a Lead for the Google Developers Student Club chapter for my college. Currently I am working as a Senior Security Analyst and Researcher and previously worked as a Security Researcher for RedHunt Labs. Both of these opportunities have helped me get used to tasks such as:

  • Developing Security Tools and Scripts
  • Researching around latest and trending vulnerabilities and developing scanners for them in certain cases
  • Conducting research work including Internet-Wide scans for a wide variety of topics like dependency related vulnerabilities, state of security of Android apps etc
  • Writing POCs and various other scripts for mass scans

I also try to actively participate in CTFs, Conferences as well as other community events to enhance my existing skill set as well as contribute to some initiatives every now and then. I am also a Senior Judge for the Trace Labs Search Party CTF where I review all the incoming submissions by the participants and have volunteered more than 8 times in a row.

When it comes to development (especially security-focused tools), I believe I have a good hold on C++, Golang, Python, Docker, SQL, Bash, C and Web (HTML, CSS, JS, Bootstrap, PHP). At the moment I am also trying to learn new languages such as V and developing smart contracts in Solidity to get an idea about the security aspect of Blockchain. I also hold a beginner-intermediate level of knowledge when it comes to Cloud Computing and specifically GCP where I have worked on tools for asset extraction which also focused on other platforms such as DigitalOcean and Cloudflare.

Some of my significant open-source contributions are:

  • BucketLoot (S3 Bucket Scanner) - https://github.com/redhuntlabs/BucketLoot
  • Genzai (IoT Security Scanner) - https://github.com/umair9747/Genzai
  • Hunt4Spring (Vulnerability Scanner) - https://github.com/redhuntlabs/Hunt4Spring
  • Vichiti (OSINT) - https://github.com/umair9747/vichiti
  • Archer (Web) - https://github.com/umair9747/Archer
  • Headmail (OSINT) - https://github.com/umair9747/headmail

When it comes to my experience with web application security, I have been acknowledged by IBM, Swiggy, Hotstar, Department of Justice and Security Netherlands, US Department of Defense, United Nations, Brazil Government, Kongsberg, etc.

Experience

  • Total Experience: 4 yrs 5 mos
  • Average Tenure: 2 yrs 2 mos
  • Current Experience: 2 yrs 4 mos

Spidersilk

Senior Security Analyst and Researcher

Feb 2024 - Present · 2 yrs 4 mos · Dubai, United Arab Emirates · On-site

  • Leading external attack surface monitoring and OSINT assessments for key customers, focusing on high-risk sectors including government entities
  • Managing ASM (Attack Surface Management) dashboards and delivering continuous posture assessments across internet-wide assets
  • Researching and building automation tools and internal web applications to streamline asset discovery, threat identification, and reporting workflows for analysts
  • Conducting in-depth manual assessments, including web application penetration testing, API fuzzing, misconfiguration analysis, and identification of third-party exposures
  • Performing targeted source code reviews to detect and triage vulnerabilities such as LFI, XSS, SQLi, RCE, SSRF, and other common web security issues
  • Collaborating with cross-functional teams to generate Proof of Value (PoV) reports and customized risk profiles tailored to customer environments
  • Acting as a technical lead in customer engagements, helping onboard new customers and providing ongoing support and strategic security insights
  • Was part of the team during our acquisition by CPX, a leading cybersecurity firm under Group42 (G42), marking a significant milestone that strengthened our strategic capabilities and expanded regional presence
Attack Surface Management · OSINT · Web Application Penetration Testing · Automation Tools · Threat Identification · Web Application Security

RedHunt Labs

Security Researcher

Jan 2022 - Feb 2024 · 2 yrs 1 mo · United Kingdom · Remote

  • I worked as a Security Researcher for RedHunt Labs, where my duties involved:
  • Developing Security Tools and Scripts
  • Researching around latest and trending vulnerabilities and developing scanners for them in certain cases
  • Conducting research work including Internet-Wide scans for a wide variety of topics like dependency-related vulnerabilities, state of security of Android apps etc
  • Writing POCs and various other scripts for mass scans
Security Tools Development · Vulnerability Research · Internet-Wide Scans · POC Writing · Security Research · Web Application Security

Haryana Police

Gurugram Police’s GPCSSI Intern

Jun 2021 - Jul 2021 · 1 mo · Remote

  • I was selected to be a part of the GPCSSI2021 Internship program under the guidance of Mr Rakshit Tandon sir. During a period of 1 month, I was made familiar with several new topics in the Information Security domain under the guidance of many industrial experts. During my internship I also experimented around analysing email headers and released an open-source extractor for the same which can be found at: https://github.com/umair9747/headmail

Education

Maulana Azad College of Arts, Commerce & Science, Roza Baug

Bachelor of Computer Application — Information Technology

Jan 2020 - May 2023

JK Public School

Class 12th — Commerce

Jan 2018 - Jan 2020
